Cloud storage company Dropbox has suffered a data breach after its employees were targeted by a phishing attack.
The attack, which took place on October 14, saw a malicious actor pose as code integration and delivery platform CircleCI in order to harvest login credentials and authentication codes from employees and gain access to Dropbox’s account on code repository site GitHub, as CircleCI login information can be used to access Github.
Through the attack, the hacker gained access to some of the code Dropbox stores using the platform, including API keys used by its developers.